devfandomcom-20200223-history
Talk:UserTalkNotifications
__TOC__ Universality It would be much easier if the code was set to go onto our global.js page, rather than us having to type out the name of every single wiki we want to use it on. Is this possible? [[User:Kamikaze839|'Kamikaze839']] 06:48, December 18, 2013 (UTC) :I'm not quite sure what you mean. Could you explain it a little differently? http://images.wikia.com/legomessageboards/images/e/eb/SeaSig.png ::As in basically, just copy importScriptPage('UserTalkNotifications/code.js', 'dev'); onto the global.js without putting in the additional lines of code to specify the wikis like what we currently need to do and still have it function normally. [[User:Kamikaze839|'Kamikaze839']] 21:18, December 18, 2013 (UTC) :::Oh, I see. It wouldn't be possible to simply do that. I'm sure you wouldn't be very happy with your loading time if the script were to check all hundreds of thousands of wikis every time you loaded a page. It would be possible to store cookies if you visit the talk page and it is created. The only problem is you have no way to manage them. They could timeout, but then you might not get a notification on an important page. Writing a UI for it would take a lot of time I don't have. If someone else wants to, that would be great. I think I was going to say something else, but I don't remember. http://images.wikia.com/legomessageboards/images/e/eb/SeaSig.png :::Cookies aren't persistent across wikia, they're limited to each wiki. This isn't anything we can control, it's implemented by your browser for security and can't be bypassed. The only way to get around this is to hardcode each wiki into the configuration options like Seaside has done. ::::No, this script uses cookies across all the wikis. By setting the domain to .wikia.com, they can be accessed in any subdomain. I'm going to have a lot of time in the next few weeks, so I will see about making it so you can go to a page and "Add" or "Remove" it.http://images.wikia.com/legomessageboards/images/e/eb/SeaSig.png I played around with some code tonight, and encountered a large problem. The wikis would have to be saved as cookies, which won't work across devices. The script already doesn't handle cross device use very well, but still. The only other option would be to use ajax to edit your global.js every time you add a page, which might be possible, but do you really want a script editing your JS? I'll look into it anyhow. http://images.wikia.com/legomessageboards/images/e/eb/SeaSig.png Monobook? This is an awesome script! I especially like how it can tell me when I have a message on other such pages. However, it does not work in Monobook. I have another script by someone else whose Monobook portion works well, albeit not across wikis like this one does. Question: Can the Monobook portion of that script be integrated with this one, and be made to work cross-wiki like this one does? Thanks! :) — SpikeToronto 07:21, June 26, 2015 (UTC) :First time reading this post. Already done. ~Curiouscrab (talk) 18:37, July 9, 2015 (UTC) ::Thanks! :) — SpikeToronto 07:08, July 10, 2015 (UTC) Major Changes It has been requested that this script allow admins to check other users' talk pages as well as their own. A change like this would require that we scrap the entire window.talkName variable and require that the full page title be typed. There could be a fallback option for users that already use this script so that the window.talkName variable still functions as before. ~Curiouscrab (talk) 18:26, March 30, 2016 (UTC) Security issue in script The introduced a bug in that a wiki name is now passed to utnCheckWiki function, but some of that function's code wasn't updated to use this (still trying to access the array instead). This could be easily fixed, however doing so without rewriting much of the code will reintroduce a security issue in that the provided wiki name is passed straight to a JSONP AJAX call, which can allow arbitrary code to be run. Whilst this does require setting a variable in the site/user JavaScript first (a bit harder than just adding particular text to a page, for example), it should still be fixed as something like window.talkWikis = [ "example.com/" ]; may not be caught by a JS reviewer as something that will load a remote script. - OneTwoThreeFall talk 18:03, December 5, 2017 (UTC) : Whoops, that's a great catch! Do you think would work? -- Cube-shaped 20:43, December 5, 2017 (UTC) :: Probably not! :) That test would be true on anything that contains one of those characters. Constructing the URL before the request (using mw.Uri, perhaps) and then checking the host ends with "wikia.com" would be best, I think. :: Honestly, that script gives me shudders - all that HTML mixed with input… there may be other places that have issues. It even attempts to directly edit your global.js page to update its settings, which seems rather "wrong" for a script to be doing. - OneTwoThreeFall talk 15:35, December 6, 2017 (UTC) ::: Hmm, I can't see how can any user make the script query any domain other than wikia.com using these characters. The script is appending ".wikia.com/api.php" to the wiki subdomain provided in that array but I suppose I could make the validation process append the provided subdomain to ".wikia.com", pass that through mw.Uri and then check the host, just to make sure. ::: There are sadly a lot of scripts on Dev Wiki that still concatenate HTML instead of using DOM API/jQuery/UI-js or even Mustache :( -- Cube-shaped 15:52, December 6, 2017 (UTC) :::: The issue is your regex is just /0-9a-z\.-/ - that only has to match one character to be true, as it has no start or end anchors and matches a single character. I suggested mw.Uri just to be extra sure nothing odd gets through, but /^0-9a-z\.-+$/ would likely be fine (making sure the entire string is only those characters). - OneTwoThreeFall talk 16:37, December 6, 2017 (UTC) '' '' I'm apparently dumb. I've submitted the script for review now. -- Cube-shaped 19:26, December 6, 2017 (UTC)